Identify fraud: Costing us billions

It's not just something you see in a bad American movie — identity fraud is an increasing problem in Australia.

And it's costing Australians as much as $2 billion a year, says Erica Hughes, Baycorp Advantage general manager, information services and solutions.

Hughes says about 20,000 credit applications each year are a result of identity fraud.

"Wherever there's money to be obtained, people can design ways to get access to it," says Dr Russell Smith, principal criminologist at the Australian Institute of Criminology. They might take out loans or apply for credit cards in your name, obtain benefits from the government or use your identity to avoid paying child support.

"This creates enormous problems for victims trying to undo the damage caused," says the Office of Consumer and Business Affairs South Australia (OCBASA). "Not only do the victims spend large amounts of time and resources convincing banks and other financial institutions that they were not responsible, they also have extreme difficulty restoring their credit record and their reputation."

In many cases the customer won't be held liable for any losses. But while you might not end up paying any money, you still have to go to the trouble of contacting all the institutions involved, often as many as 20, to correct your records, says Smith. You might end up with out-of-pocket expenses to replace documents like your driver's licence or passport.

Mind your rubbish

Fraudsters can use a range of low-tech and high-tech methods to get their hands on your personal details. "There are still people who trawl through garbage bins and use the information they find to create an identity," says Tony Burke, director, security issues, with the Australian Bankers Association.

Smith says other people get tricked into disclosing their details by people pretending to be telemarketers or your bank. This is known as "social engineering" and where "phishing" stems from. Phishing is essentially when you get an e-mail claiming to be from your bank and asking for your password, banking registration numbers or passwords. "Phishing has been around for a few years but it has grown in sophistication," says Burke.

Often the e-mails contain a link to a website that looks very similar to your bank's website. While bank customers are the most common targets, in recent times clients of online auction sites or other online payment facilities might also be targeted.

High-tech fraudsters might get your personal information by hacking into databases that contain all the details they need, says Smith. There have even been cases when databases have been compromised accidentally through a company's negligence. Spyware is another growing problem. Essentially, software is secretly installed on a computer and takes personal information without the permission or knowledge of the user, explains the Australian Federal Police.

The banks are doing their bit to fight identity fraud. Many banks use sophisticated software that looks at customer behaviour. "It will raise an alert if a transaction is out of an individual's normal profile," says Burke. If that's the case the customer will be contacted.

The ABA website says some banks are working on two-factor authentication systems. "That means customers will identify themselves twice: first with something they know and then with something they have," says the ABA. "For example, use a password to log on to Internet banking and the bank might send an SMS message with a unique number to enter and authenticate the transaction. The unique number could also be generated by a device known as a security token."

The security token is something Verisign introduced in early February, called Verisign Identity Protection (VIP). PayPal was one of the first companies to jump on board.

"A lot of what the Bankers Association does is about raising awareness. We think that's really important," says Burke. The good news is it seems to be working. "Because more people are aware of the type of scams, less people are falling for them and taking quick action," says Burke.

So don't wait for others to do the work — make sure you are protected.